CVE-2020-16048

Published: 2 November 2021

Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine

6.5

Package	Release	Status
firefox Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	trusty	Does not exist
	upstream	Not vulnerable (debian: Only affects Windows)
	xenial	Not vulnerable
firefox-esr Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	groovy	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (debian: Only affects Windows)
	xenial	Does not exist
mozjs38 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Does not exist
	groovy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
mozjs52 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
mozjs68 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Not vulnerable
	groovy	Not vulnerable
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
mozjs78 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	groovy	Not vulnerable
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
thunderbird Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.